I'm pretty sure nin isn't stupid and those forms aren't filled out. However, he's the exception, not the rule. If you bet that the majority of users of public services are mouthbreathing morons who can't multiply 3 by 9 to get 27, then you're at a good start in understanding just how broad the surface area is for attack vectors. They will dump in pictures of their kids, of personally identifying events or situations plus the information needed to commit identity theft.

Think about it, how many people use the same login/email and password combo for multiple sites? How many stories have we read recently in the news where Forum X gets broken into and now Yahoo, Twitter, LinkedIn, Facebook and other high-profile entities are also compromised? TONS. Even if they're relatively the same story about a single event or small number of events, it's enough of a distribution to hit a demographic much wider than the actual demographic affected.

Then we start seeing sensationalist news articles and reports on television of "CAN A PEDOPHILE PERV YOUR KID WITHOUT YOUR KNOWLEDGE? FILM AT 11!!!eleventy!one" or "HACKERS ARE USING YOUR INFO TO RACK UP THOUSANDS OF DOLLARS IN FRAUDULENT PORN CHARGES!" They always go with a fearful yet slightly salacious angle because the media knows that in the US marketplace, that shit sells. Fear is currently a better bait than sex. That's really fucking sad and yet we're doing our best to propagate the basis for that fear. Why? All it does is lead to old men in a big white marble building making stupid decisions in an effort to win their reelection bids.

We're seeing it happen already. Why on earth are we moving to systems where the security to protect them is so nascent that it may as well be wet tissue paper? Sure, I can't break an EC2 cluster...but then it's not my job to do so, either. Were it, you can bet that it would eventually go down because what it stores is worth hundreds of millions of dollars. Real money to people who want to use it in a fraud industry worth hundreds of billions. Further, there's absolutely no recourse available to the consumer, or punitive damages against the storage hosting companies, when that data is stolen, compromised and then used illicitly. When it happens to a large corporation that has enough money to pour into a lawsuit against the cloud providers, that is the only time we're actually going to see if the EULA of "We can act like retarded baboons and you can't sue us" will actually hold weight in court. Until then, your average consumer doesn't have the financial or legal resources to effectively protect themselves from the incompetence and/or malfeasance of a company who has fucked them over by allowing their systems to be compromised.

It's not me that I worry about, it's the snowball effect that worries me.